1. Technical Field
The present invention relates in general to data processing systems and in particular to an improved method and system for protecting data processing systems from malicious attacks.
2. Description of the Related Art
Frequently, after the release of conventional computer software, the software publisher becomes aware of vulnerabilities in the software that may be exploited by hackers. These vulnerabilities are especially important in certain types of software, such as operating systems, Internet browsers, firewalls, and antivirus software. Typically, once the software publisher becomes aware of a vulnerability (or coding error), the software publisher makes an announcement (also referred to as a “vulnerability publication”) and later releases a software patch to address the vulnerability.
The amount of time between vulnerability publication and malicious exploitation of the announced vulnerability is decreasing dramatically. For instance, hackers have utilized the Internet to exploit vulnerabilities within twenty-four hours of a software publisher's announcement of a particular vulnerability. Since system administrators need time to test the software patch and then apply the patch to affected computer systems, the decreasing hacker response times to vulnerability announcements widen the effective time window of malicious exploitation, regardless of when the announcement occurs within the software patch cycle (e.g., concurrently with software patch release, concurrently with vulnerability publication, etc.).
System administrators often prefer to reduce the scope and/or postpone the installation of software patches because of the risk of system failure when updating a currently stable system with a newly-released software patch. The system administrator is thus trapped in an untenable situation when a vulnerability (or coding error) is announced before a software patch is available, or when more testing is required before an available software patch can be applied. Furthermore, system administrators may want to forgo applying a particular software patch altogether if the corresponding vulnerability is not currently exhibited on a computer system. For example, the system administrator may not want to apply a software patch to a critical database if the installation requires shutting down and restarting the database (i.e., temporarily rendering the database inaccessible), unless the system administrator is aware that the system is exhibiting the vulnerability that the software patch would address.
Consequently, an improved method and system for reducing the window of malicious exploitation between vulnerability publication and the installation of a software patch are needed.